
Sounds very interesting. This being hacker news, are you able to elaborate a bit on the specifics, specifically the type of crypto and how it was broken?

I wonder what the "most embarrassing way" would mean in this context -- I'm thinking timing attack or padding oracles, but it sounds like it might have been even more trivial.




Have some random thoughts about the most crucial element of a challenge/response system.


xkcd 221?


Very close to a real world scenario. I usually bring it up to compare big teams to small. (Our small team was being replaced by a big, expensive team, and I found an issue in 15 minutes that the new team had created - despite sharing my findings immediately, it still took their team weeks to find it "on their own", admit to it, and finally fix it.)

There was a CAPTCHA used to prevent bot spam on a contest entry portal. The code that randomized the image displayed was modified to be stored in an application cache that persisted across sessions (meaning every "user" saw the same image and could use the same answer). Guess how useful that was in preventing bot spam?

(The fix was to delete one or two lines of code that were not only not helpful, but obviously harmful!)
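The caching bug described in the comment above, as an added example (not code from the thread or from any project it mentions): a hypothetical CAPTCHA issuer whose freshly generated challenge is stored in an application-scope cache and therefore served to every later session, beside the per-session version, plus a small audit that measures how many distinct challenges fresh sessions actually receive. All names and the session/cache dictionaries are assumptions for the simulation.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits

def make_challenge(length: int = 6) -> str:
    """Generate a fresh random CAPTCHA answer (what the image would display)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

# Hypothetical application-scope cache: survives across all sessions/requests.
APP_CACHE: dict = {}

def captcha_vulnerable(session: dict) -> str:
    """Buggy pattern: the first challenge ever generated is cached at application
    scope, so every later session gets the same image and the same answer."""
    if "captcha" not in APP_CACHE:
        APP_CACHE["captcha"] = make_challenge()
    session["captcha"] = APP_CACHE["captcha"]
    return session["captcha"]

def captcha_fixed(session: dict) -> str:
    """Fix: generate per session and keep the answer only in that session's state."""
    session["captcha"] = make_challenge()
    return session["captcha"]

def verify(session: dict, answer: str) -> bool:
    """Single-use check against the session's own challenge; consumes it."""
    expected = session.pop("captcha", None)
    return expected is not None and secrets.compare_digest(expected, answer)

def distinct_challenge_ratio(issue, n_sessions: int = 100) -> float:
    """Audit: start n fresh sessions and measure the share of distinct challenges.
    Near 1.0 is healthy; near 0.0 means one challenge is being shared."""
    seen = {issue({}) for _ in range(n_sessions)}
    return len(seen) / n_sessions

def replayed_answer_accepted(issue) -> bool:
    """Model the spam scenario: an answer learned once is replayed in a new session.
    Returns True when the CAPTCHA provides no per-session protection."""
    first = {}
    known_answer = issue(first)
    fresh = {}
    issue(fresh)
    return verify(fresh, known_answer)
```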


Close enough!

There really is an XKCD for everything...


To be honest, that joke is very common. A much older version of it exists in a Dilbert cartoon from 2001 [1], and it wasn't a new joke at that point.

[1] https://dilbert.com/strip/2001-10-25

